[1668] in bugtraq

Re: sniffers

daemon@ATHENA.MIT.EDU (der Mouse)
Tue May 2 10:54:10 1995

Date: Tue, 2 May 1995 07:56:20 -0400
From: der Mouse <mouse@Collatz.McRCIM.McGill.EDU>
To: bugtraq@fc.net

>> These are all good ideas, however many sniffers are not Unix systems
>> that can be logged into and examined.  I have worked with DOS-based
>> sniffers (Network General Sniffer, Excelan, HP, etc) that are far
>> superior to Suns (as sniffers/protocol analyzers) and I doubt that
>> they are easily detectable even with their transmit lead intact.

> I don't think the machine you run sniffer software on could make it
> better or worse, they all get the same packets;)

Not quite.  Some machines designed as sniffers / network analyzers have
special network interfaces that let them see things like packets with
Ethernet CRC checksum errors, runts, giants, etc - stuff that most
Ethernet interfaces either silently drop or just report the existence
of.

Also, the software on a dedicated machine has usually received a lot
more attention to making it useful than the network sniffing software
on a general-purpose machine.  (Unfortunately, it generally is also
completely fixed - you get what someone else thinks is useful, with no
way to modify it to do what _you_ want done.)

					der Mouse

			    mouse@collatz.mcrcim.mcgill.edu
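
The frame classes named in the message above (CRC errors, runts, giants), shown as an added example that is not part of the original post: a classifier for raw Ethernet frames as an interface that passes up errored frames and the FCS would deliver them. The 64 and 1518 byte limits are the IEEE 802.3 sizes for untagged frames; all function names and sample frames are constructed for illustration.

```python
import struct
import zlib

MIN_FRAME = 64    # bytes, destination MAC through FCS (IEEE 802.3)
MAX_FRAME = 1518  # untagged frame, destination MAC through FCS


def with_fcs(body):
    """Append the Ethernet FCS: CRC-32 of the body, least significant byte first."""
    return body + struct.pack("<I", zlib.crc32(body))


def build_frame(dst, src, ethertype, payload):
    """Build a constructed frame, padded to the minimum size, with a valid FCS."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    return with_fcs(body.ljust(MIN_FRAME - 4, b"\x00"))


def flip_bit(frame, offset):
    """Simulate line noise by flipping one bit at the given byte offset."""
    damaged = bytearray(frame)
    damaged[offset] ^= 0x01
    return bytes(damaged)


def classify(frame):
    """Return the anomalies a protocol analyzer would flag for this frame."""
    flags = set()
    if len(frame) < MIN_FRAME:
        flags.add("runt")
    elif len(frame) > MAX_FRAME:
        flags.add("giant")
    # A frame too short to carry an FCS cannot pass the CRC check.
    if len(frame) < 4 or with_fcs(frame[:-4]) != frame:
        flags.add("crc_error")
    return flags


# Constructed sample frames (addresses and payloads are made up).
DST, SRC = b"\xff" * 6, bytes.fromhex("020000000001")
GOOD = build_frame(DST, SRC, 0x0800, b"hello")
CORRUPT = flip_bit(GOOD, 20)                  # payload damaged in transit
RUNT = with_fcs(GOOD[:26])                    # 30 bytes, FCS itself is valid
GIANT = build_frame(DST, SRC, 0x0800, b"A" * 1600)

if __name__ == "__main__":
    for name, frame in [("good", GOOD), ("corrupt", CORRUPT),
                        ("runt", RUNT), ("giant", GIANT)]:
        print(f"{name:8} {len(frame):5} bytes  {sorted(classify(frame)) or 'ok'}")
```

Only `GOOD` would normally reach software on a general-purpose host; an ordinary interface discards the other three or merely increments an error counter.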
